SonarQube Token

Description

General

Documentation: https://docs.sonarqube.org/latest/extend/web-api/
Summary: SonarQube is an open-source platform for continuous inspection of code quality and detection of code vulnerabilities. SonarQube provides a web API to access its functionalities from applications. This detector focuses on detecting the SaaS token format (which is scope-agnostic) and the on-prem prefixed user, global analysis and project analysis tokens used to authenticate API calls.

Revoke the secret

The tokens can be revoked from the security tab of accounts. For On-Premise instances of SonarQube go to User > My Account > Security and click on the Revoke button.

Details for `SonarQube Token`

Family: token
Category: code_analysis
Company: SonarQube
High recall: False
Validity check available: True
Analyzer available: False
On-premise instances exist: True
Only valid secrets raise an alert: False
Minimum number of matches: 1
Occurrences found for one million commits: 12.35
Prefixed: False

Details for `SonarQube Token with Prefix`

Family: token
Category: code_analysis
Company: SonarQube
High recall: False
Validity check available: True
Analyzer available: False
On-premise instances exist: True
Only valid secrets raise an alert: False
Minimum number of matches: 1
Occurrences found for one million commits: 9.01
Prefixed: False

SonarQube Token

Description

General

Revoke the secret

Details for `SonarQube Token`

Details for `SonarQube Token with Prefix`

Was this page helpful?

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status

Description​

General​

Revoke the secret​

Details for SonarQube Token​

Details for SonarQube Token with Prefix​

Was this page helpful?

Something we didn’t cover?

See our Roadmap

Subscribe on GitHub

Submit a request

API status

Subscribe to our newsletter

Description

General

Revoke the secret

Details for `SonarQube Token`

Details for `SonarQube Token with Prefix`